The branch, v4-0-test has been updated
       via  71e2a9a docs: Fix typos.
       via  56fb38c Raise the level of a debug.
       via  4dd30fa docs: document "acl allow execute always"
       via  4101896 s3:smbd: ease file server upgrades from 3.6 and earlier with "acl allow execute always"
       via  13be13f loadparm: add new parameter "acl allow execute always"
      from  dab5a79 samba-tool/dns: Pass on additional flags when creating zones
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test

- Log -----------------------------------------------------------------

commit 71e2a9ae3b108d24d1f7dc521c4035a4b9f93900
Author: Karolin Seeger <ksee...@samba.org>
Date:   Thu Sep 12 09:20:03 2013 +0200

    docs: Fix typos.

    This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in
    checking acls for "open for execution".

    Signed-off-by: Karolin Seeger <ksee...@samba.org>
    Reviewed-by: Michael Adam <ob...@samba.org>

    Autobuild-User(master): Michael Adam <ob...@samba.org>
    Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104
    (cherry picked from commit 4af7b709e925d85be9446af179186fc13466626f)

    Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-0-test): Fri Sep 13 12:54:16 CEST 2013 on sn-devel-104

commit 56fb38ccb195d82e25a7437ccb5956f6ffcae987
Author: Korobkin <korobkin+sa...@gmail.com>
Date:   Tue Sep 10 16:20:27 2013 -0700

    Raise the level of a debug.

    Bug #10118 - Samba is chatty about being unable to open a printer

    Reviewed-by: Guenther Deschner <g...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104
    (cherry picked from commit d809cf653b624a9fde48de3b0c2ab58aca705c50)

commit 4dd30fa4c082bdd32f615cde05d077730dec9c5d
Author: Michael Adam <ob...@samba.org>
Date:   Mon Sep 2 16:54:15 2013 +0200

    docs: document "acl allow execute always"

    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

    The last 3 patches address bug #10134 - Samba 4.0 is stricter in
    checking acls for "open for execution".

    See the following commits in master:
    de3bc10ef69f23e7dab9fc3f6990bb403824b14e
    1e29d730663382875d96c275c60e022a1c33a2d1
    a2a3c9f36d7a19d75924cff25fa1b450d85ee6d6

commit 41018965728cba99c4fa8e9cfaa4bc11c4303506
Author: Michael Adam <ob...@samba.org>
Date:   Mon Sep 2 17:37:50 2013 +0200

    s3:smbd: ease file server upgrades from 3.6 and earlier with "acl allow execute always"

    3.6 and earlier allowed open for execution when execute permissions
    are not present on a file. This has been fixed in Samba 4.0.

    This patch changes smbd to skip the execute bit from the ACL check
    in the open code if "acl allow execute always = yes", hence
    re-establishing the old behaviour in this case.

    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

commit 13be13fa876c3fe5580e311ed78b791b1980b56f
Author: Michael Adam <ob...@samba.org>
Date:   Mon Sep 2 17:36:59 2013 +0200

    loadparm: add new parameter "acl allow execute always"

    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .../smbdotconf/protocol/aclallowexecutealways.xml  | 26 ++++++++++++++++++++
 lib/param/param_functions.c                        |  1 +
 lib/param/param_table.c                            | 10 +++++++
 source3/include/proto.h                            |  1 +
 source3/param/loadparm.c                           |  1 +
 source3/rpc_server/spoolss/srv_spoolss_nt.c        |  2 +-
 source3/smbd/open.c                                | 16 +++++++++++-
 7 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 docs-xml/smbdotconf/protocol/aclallowexecutealways.xml

Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml new file mode 100644 index 0000000..49d2c48 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml @@ -0,0 +1,26 @@ +<samba:parameter name="acl allow execute always" + context="S" + type="boolean" + advanced="1" wizard="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This boolean parameter controls the behaviour of <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when receiving a protocol request of "open for execution" + from a Windows client. + With Samba 3.6 and older, the execution right in the ACL was not checked, so a client + could execute a file even if it did not have execute rights on the file. In Samba 4.0, + this has been fixed, so that by default, i.e. when this parameter is set to "False", + "open for execution" is now denied when execution permissions are not present. + </para> + <para> + If this parameter is set to "True", Samba does not check execute permissions on + "open for execution", thus re-establishing the behaviour of Samba 3.6. + This can be useful to smoothen upgrades from older Samba versions to 4.0 and newer. + This setting is not not meant to be used as a permanent setting, but as a temporary relief: + It is recommended to fix the permissions in the ACLs and reset this parameter to the + default after a certain transition period. + </para> +</description> +<value type="default">False</value> +</samba:parameter> diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c index 94652fa..35e199f 100644 --- a/lib/param/param_functions.c +++ b/lib/param/param_functions.c 
@@ -134,6 +134,7 @@ FN_LOCAL_BOOL(afs_share, bAfs_Share) FN_LOCAL_BOOL(acl_check_permissions, bAclCheckPermissions) FN_LOCAL_BOOL(acl_group_control, bAclGroupControl) FN_LOCAL_BOOL(acl_map_full_control, bAclMapFullControl) +FN_LOCAL_BOOL(acl_allow_execute_always, bAclAllowExecuteAlways) FN_LOCAL_INTEGER(defaultcase, iDefaultCase) FN_LOCAL_INTEGER(minprintspace, iMinPrintSpace) FN_LOCAL_INTEGER(printing, iPrinting) diff --git a/lib/param/param_table.c b/lib/param/param_table.c index a73cd96..5b78eae 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -920,6 +920,16 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, }, { + .label = "acl allow execute always", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bAclAllowExecuteAlways), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, + }, + + { .label = "create mask", .type = P_OCTAL, .p_class = P_LOCAL, diff --git a/source3/include/proto.h b/source3/include/proto.h index 5f34193..0defbc9 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1326,6 +1326,7 @@ bool lp_afs_share(int ); bool lp_acl_check_permissions(int ); bool lp_acl_group_control(int ); bool lp_acl_map_full_control(int ); +bool lp_acl_allow_execute_always(int); bool lp_durable_handles(int); int lp_create_mask(int ); int lp_force_create_mode(int ); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index e09c2bf..2e05bac 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -264,6 +264,7 @@ static struct loadparm_service sDefault = .bAclCheckPermissions = true, .bAclMapFullControl = true, .bAclGroupControl = false, + .bAclAllowExecuteAlways = false, .bChangeNotify = true, .bKernelChangeNotify = true, .iallocation_roundup_size = SMB_ROUNDUP_ALLOCATION_SIZE, diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 9691cf7..9ecf191 100644 
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -1730,7 +1730,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, result = open_printer_hnd(p, r->out.handle, r->in.printername, 0); if (!W_ERROR_IS_OK(result)) { - DEBUG(0,("_spoolss_OpenPrinterEx: Cannot open a printer handle " + DEBUG(3,("_spoolss_OpenPrinterEx: Cannot open a printer handle " "for printer %s\n", r->in.printername)); ZERO_STRUCTP(r->out.handle); return result; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 16ca34a..0eb1ec2 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -74,6 +74,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, struct security_descriptor *sd = NULL; uint32_t rejected_share_access; uint32_t rejected_mask = access_mask; + uint32_t do_not_check_mask = 0; rejected_share_access = access_mask & ~(conn->share_access); @@ -141,10 +142,23 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, * se_file_access_check() also takes care of * owner WRITE_DAC and READ_CONTROL. */ + do_not_check_mask = FILE_READ_ATTRIBUTES; + + /* + * Samba 3.6 and earlier granted execute access even + * if the ACL did not contain execute rights. + * Samba 4.0 is more correct and checks it. + * The compatibilty mode allows to skip this check + * to smoothen upgrades. + */ + if (lp_acl_allow_execute_always(SNUM(conn))) { + do_not_check_mask |= FILE_EXECUTE; + } + status = se_file_access_check(sd, get_current_nttok(conn), false, - (access_mask & ~FILE_READ_ATTRIBUTES), + (access_mask & ~do_not_check_mask), &rejected_mask); DEBUG(10,("smbd_check_access_rights: file %s requesting " -- Samba Shared Repository
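Review bot: in the new aclallowexecutealways.xml, the second paragraph still reads "This setting is not not meant to be used as a permanent setting" (doubled "not") and "to smoothen upgrades" ("to smooth upgrades"); since this text is what an administrator reads before switching off an access check, it should also state plainly that with the parameter set to "True" the execute right is simply excluded from the ACL evaluation (the open.c hunk masks FILE_EXECUTE out of the mask handed to se_file_access_check()), so an explicit denial of execute in the ACL is not enforced either, not only a missing grant.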
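Review bot: style point in the param_table.c hunk: the new "acl allow execute always" entry is followed by an extra blank line before the `{ .label = "create mask",` entry, which the neighbouring entries in parm_table[] do not have; drop the blank line so the table keeps its one-entry-after-another layout.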
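Review bot: the srv_spoolss_nt.c change drops the "Cannot open a printer handle for printer %s" message from DEBUG(0) to DEBUG(3), so a failed open_printer_hnd() no longer appears at the default log level; that addresses the noise in bug #10118, but the commit message should say that an administrator diagnosing genuine printer failures now needs `log level = 3` to see this message, and it is worth checking that no other level-0 message in the same path still reports the failure, otherwise the noise merely moves.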
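Review bot: in the second open.c hunk, when lp_acl_allow_execute_always() is set for the share, FILE_EXECUTE is removed from the mask passed to se_file_access_check(), so execute is never evaluated against the ACL on that share; the documentation added in this changeset asks administrators to fix the ACLs and reset the parameter later, but nothing here tells them which files would start failing. Suggest adding a DEBUG line (level 10 next to the existing "smbd_check_access_rights: file %s requesting" message would do) when the bypass is active and FILE_EXECUTE was in access_mask, so the affected files can be found in the logs before the parameter is reset. Also fix the comment typos: "compatibilty" should be "compatibility", and "allows to skip this check to smoothen upgrades" reads better as "allows this check to be skipped to smooth upgrades".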